Re: [6tisch-security] [6tisch] xxx-bootstrap
Göran Selander <goran.selander@ericsson.com> Tue, 06 December 2016 18:50 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76905129A8F for <6tisch-security@ietfa.amsl.com>; Tue, 6 Dec 2016 10:50:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40mF2cVYYdBv for <6tisch-security@ietfa.amsl.com>; Tue, 6 Dec 2016 10:50:42 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F3FF129A98 for <6tisch-security@ietf.org>; Tue, 6 Dec 2016 10:50:42 -0800 (PST)
X-AuditID: c1b4fb30-037da980000054c8-69-584708809a55
Received: from ESESSHC023.ericsson.se (Unknown_Domain [153.88.183.87]) by (Symantec Mail Security) with SMTP id 59.F2.21704.08807485; Tue, 6 Dec 2016 19:50:40 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.128]) by ESESSHC023.ericsson.se ([153.88.183.87]) with mapi id 14.03.0319.002; Tue, 6 Dec 2016 19:50:30 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Thread-Topic: [6tisch-security] [6tisch] xxx-bootstrap
Thread-Index: AQHSSuDPU1xNoBfYBUWdkIQa1WBi/qDyKnSAgACSKYCACHAPAIAAIM3w
Date: Tue, 06 Dec 2016 18:50:29 +0000
Message-ID: <9584A7BF-03DF-4385-86DB-4B0A0F931026@ericsson.com>
References: <efb18853e63642bc4a996dc419cd1efb@xs4all.nl> <31466.1480551529@obiwan.sandelman.ca> <72f491eeb444448daa34196c9ac656ea@xs4all.nl>, <13358.1481046786@obiwan.sandelman.ca>
In-Reply-To: <13358.1481046786@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrFLMWRmVeSWpSXmKPExsUyM2J7uG4Dh3uEQf8SM4vmlYvYHRg9liz5 yRTAGMVlk5Kak1mWWqRvl8CVsX1FD0vBHrGKm5f7WRsYG4S6GDk5JARMJFYsncDUxcjFISSw jlFibkcLI4SzmFGi93QPI0gVm4CrxIEH75hAbBEBS4ntq/+xdTFycAgLmEocfaMKETaT2Dj9 PCNIWETATWJVvxpImEVAReJizxtmEJtXwF7iwZ9rrBDjtzNKHGqfApbgFDCWeLr1P9h4RgEx ie+n1oDZzALiEreezGeCOFRAYsme88wQtqjEy8f/WCFq9CRuTJ3CBmFrSyxb+BpqmaDEyZlP WCYwCs9CMmoWkpZZSFpmIWlZwMiyilG0OLU4KTfdyEgvtSgzubg4P08vL7VkEyMwxA9u+W2w g/Hlc8dDjAIcjEo8vAWX3CKEWBPLiitzDzFKcDArifD6s7lHCPGmJFZWpRblxxeV5qQWH2KU 5mBREuc1W3k/XEggPbEkNTs1tSC1CCbLxMEp1cDIIcjcuJX3x9bpiacXbbptrbFl/6O7Zy9u 8fpvNuF+VLqFYKL7vUSV6s0m0xWDE/4WMf86pThRc9viaxHO2ZZx3C8tPbus2xweSPa7PDh/ b2YVU77kSa3Gykrjmd/C3MI+VbeKzt0t9qxJ87/NaX6Ta3KP5QK2l7jW3jf/GLRY5O/nhclt VkZKLMUZiYZazEXFiQA07wPAbQIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/n-wmwFsCsL1-cIQVP1KPnrG_l0s>
Subject: Re: [6tisch-security] [6tisch] xxx-bootstrap
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2016 18:50:45 -0000
> On 6 Dec 2016, at 18:53, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > > replying to three of your messages, and trying to repoint the thread at > 6tisch-security. > > peter van der Stok <stokcons@xs4all.nl> wrote: >> all in favor of one approach to merge the push/pull aspects. (I have to >> understand the protocol exchange below, but it looks feasibale) >> I am not sure about understanding EDHOC, but may be that is not important. > > I think it is. > >> I still see all the mime formats. is that phase 1? > > They are HTTP content-types really. > That's part of of the phase 2. > >> Is phase 2 then switching to OSCOAP with a single format containing binary >> encoding? > > No, we would use EDHOC to create a secure session, and then we would run > our EST-CoAP-variant over that. No DTLS at all. > > peter van der Stok <stokcons@xs4all.nl> wrote: >> I don't think EDHOC is meant to replace EST or the anima work. > > EDHOC doesn't replace EST, it replaces DTLS. > > peter van der Stok <stokcons@xs4all.nl> wrote: >> As discussed earlier, having a push/pull agnostic protocol would be >> nice. (and probably feasible) > >> As stated earlier, I think that discovery and which node starts the bootstrap >> protocol (BRSKI) is very much installation/technology dependent, and should >> be done in another document. > > I feel very much like I am the holdout for having the JCE initiate the join > protocol. > >> My intention was to reduce the coding effort of the registrar by making 1) >> and 2) as similar as can be hoped for; >> while payload considerations are of secondary importance. >> My hope being that a manufacturer will deliver a registrar box supporting >> both coap and http versions. > >> When the consensus is that adding coap is already such an extra effort that >> code sharing between http and coap versions does not alleviate the effort, >> then any solution for coap that concentrates on payload reduction is fine by >> me. > > I can see an implementation where a front-end requests/processes the PKCS > format messages in traditional EST and the CoAP push/pull variants, and then > feeds it into the same engine. > > I think that the biggest interoperability problem that we are going to have > is in the step where the Registrar/JCE tells the Pledge what to put in it's > CSR. This is because this part probably involves doing real ASN.1 work, and > pledges will want none of that. > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > > _______________________________________________ > 6tisch-security mailing list > 6tisch-security@ietf.org > https://www.ietf.org/mailman/listinfo/6tisch-security
- [6tisch] xxx-bootstrap peter van der Stok
- Re: [6tisch] xxx-bootstrap Mališa Vučinić
- Re: [6tisch] xxx-bootstrap peter van der Stok
- Re: [6tisch] xxx-bootstrap Mališa Vučinić
- Re: [6tisch] xxx-bootstrap Michael Richardson
- Re: [6tisch] xxx-bootstrap Michael Richardson
- Re: [6tisch] xxx-bootstrap peter van der Stok
- Re: [6tisch] xxx-bootstrap peter van der Stok
- Re: [6tisch] xxx-bootstrap Göran Selander
- Re: [6tisch] xxx-bootstrap peter van der Stok
- Re: [6tisch] xxx-bootstrap Michael Richardson
- Re: [6tisch-security] [6tisch] xxx-bootstrap Michael Richardson
- Re: [6tisch-security] [6tisch] xxx-bootstrap Göran Selander
- Re: [6tisch] xxx-bootstrap Göran Selander
- Re: [6tisch] xxx-bootstrap peter van der Stok
- Re: [6tisch] xxx-bootstrap Mališa Vučinić
- Re: [6tisch] xxx-bootstrap peter van der Stok
- Re: [6tisch] xxx-bootstrap Mališa Vučinić